
Configure outbound transports

 

By using this configuration, you can configure a different transport for inbound security versus outbound security. The outbound transport is the transport that is used to connect to a downstream server. When you configure the outbound transport, consider the transports that the downstream servers support. If you are considering SSL, also consider including the signers of the downstream servers in this server's truststore file so that the handshake succeeds.

When you select an SSL configuration, that configuration points to keystore and truststore files that contain the necessary signers. If you configured client certificate authentication for this server by completing the following steps, then the downstream servers contain the signer certificate belonging to the server personal certificate:

  1. Click Security > Secure administration, applications, and infrastructure.

  2. Under RMI/IIOP security, click CSIv2 outbound authentication.

 

Overview

Complete the following steps to configure the outbound transport panels.

 

Procedure

  1. Select the type of transport and the SSL settings by clicking Security > Secure administration, applications, and infrastructure. Under RMI/IIOP security, click CSIv2 outbound transport. By selecting the type of transport, you choose the transport to use when connecting to downstream servers. Make sure that the downstream servers support the transport that you choose. If you choose SSL-Supported, the transport that is used is negotiated during the connection. If both the client and server support SSL, always select the SSL-Supported option unless the request is considered a special request that does not require SSL, such as if an ORB is a request.

  2. Select the SSL required option if you want to use Secure Sockets Layer communications with the outbound transport. If you select the SSL required option, you can select either the Centrally managed or Use specific SSL alias option.

    Centrally managed

    Enables you to specify an SSL configuration for a particular scope, such as the cell, node, server, or cluster, in one location. To use the Centrally managed option, specify the SSL configuration for the particular set of endpoints. The Manage endpoint security configurations and trust zones panel displays all of the inbound and outbound endpoints that use the SSL protocol. If you expand the Inbound or Outbound section of the panel and click the name of a node, you can specify an SSL configuration that is used for every endpoint on that node. For an outbound transport, you can override the inherited SSL configuration by specifying an SSL configuration for a particular endpoint. To specify an SSL configuration for an outbound transport, click Security > SSL certificate and key management > Manage endpoint security configurations and trust zones and expand Outbound.

    Use specific SSL alias

    Select the Use specific SSL alias option if you intend to select one of the SSL configurations in the menu below the option.

    This configuration is used only when SSL is enabled for LDAP. The default is DefaultSSLSettings. To modify or create a new SSL configuration, complete the steps described in Creating a Secure Sockets Layer configuration.

  3. [This information applies only to V6.0.x and previous servers that are federated in a V6.1 cell.] Select the SSL settings that are used for outbound requests to downstream Secure Authentication Service (SAS) servers. Click Security > Secure administration, applications, and infrastructure. Under RMI/IIOP security, click SAS outbound transport. Remember that the SAS protocol allows interoperability with previous releases. When configuring the keystore and truststore files in the SSL configuration, make sure that these files have the correct information for interoperating with previous releases of WAS. For example, a previous release has a different personal certificate than the V6.x release. If you use the keystore file from the V6.x release, add the signer to the truststore file of the previous release. Also, extract the signer for the V6.x release and import that signer into the truststore file of the previous release.

    SAS is supported only between V6.0.x and previous version servers federated in a V6.1 cell.

 

Results

The outbound transport configuration is complete. With this configuration, you can configure a different transport for inbound security versus outbound security. For example, if the application server is the first server used by end users, the security configuration might be more secure. When requests go outbound to back-end enterprise bean servers, you might consider less security for performance reasons. With this flexibility, you can design a transport infrastructure that meets your needs.
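
Before relaxing the transport on back-end links, it helps to check which caller-to-downstream pairs still negotiate SSL, which fall to cleartext, and which fail outright. The following is an added example, not product code: a simplified model in which the server names, signer names, and dictionary layout are constructed, and which assumes that SSL is chosen whenever both ends can use it and that TCP/IP is the non-SSL transport choice.

```python
# Simplified model of outbound/inbound transport compatibility (added example).
# Transports each setting allows: SSL-Supported allows both, the others one.
OFFERS = {
    "TCP/IP": {"tcp"},
    "SSL-Required": {"ssl"},
    "SSL-Supported": {"ssl", "tcp"},
}

def audit_link(caller, downstream):
    """Return (transport, finding) for the caller's outbound link."""
    common = OFFERS[caller["outbound"]] & OFFERS[downstream["inbound"]]
    if not common:
        return None, "no common transport: connection fails"
    if "ssl" in common:
        # Assumption: SSL is preferred whenever both ends can use it.
        if downstream["signer"] not in caller["truststore"]:
            return "ssl", "downstream signer not in truststore: handshake fails"
        return "ssl", "ok"
    return "tcp", "cleartext link"

def audit(servers, links):
    """Check every (caller, downstream) pair; return only the problem links."""
    findings = {}
    for src, dst in links:
        transport, finding = audit_link(servers[src], servers[dst])
        if finding != "ok":
            findings[(src, dst)] = (transport, finding)
    return findings

# Constructed topology: one front-end server and two back-end servers.
SERVERS = {
    "web1": {"inbound": "SSL-Required", "outbound": "SSL-Supported",
             "signer": "CN=web1-signer", "truststore": {"CN=ejb1-signer"}},
    "ejb1": {"inbound": "SSL-Supported", "outbound": "SSL-Required",
             "signer": "CN=ejb1-signer", "truststore": set()},
    "ejb2": {"inbound": "TCP/IP", "outbound": "TCP/IP",
             "signer": "CN=ejb2-signer", "truststore": set()},
}
LINKS = [("web1", "ejb1"), ("web1", "ejb2"), ("ejb1", "ejb2"), ("ejb1", "web1")]

if __name__ == "__main__":
    for link, (transport, finding) in audit(SERVERS, LINKS).items():
        print(link, transport, finding)
```
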

 

What to do next

When you finish configuring security, perform the following steps to save, synchronize, and restart the servers.

  • Click Save in the console to save any modifications to the configuration.

  • Synchronize the configuration with all node agents.

  • Stop and restart all servers, after synchronization.



Common Secure Interoperability V2 outbound transport settings

Secure Authentication Service outbound transport settings

 

Related tasks


Configure RMI over IIOP